CN110414258A - Document handling method and system, data processing method - Google Patents

Document handling method and system, data processing method Download PDF

Info

Publication number
CN110414258A
CN110414258A CN201810399221.9A CN201810399221A CN110414258A CN 110414258 A CN110414258 A CN 110414258A CN 201810399221 A CN201810399221 A CN 201810399221A CN 110414258 A CN110414258 A CN 110414258A
Authority
CN
China
Prior art keywords
file
credible
operating characteristics
determined
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810399221.9A
Other languages
Chinese (zh)
Other versions
CN110414258B (en
Inventor
付颖芳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Group Holding Ltd
Original Assignee
Alibaba Group Holding Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alibaba Group Holding Ltd filed Critical Alibaba Group Holding Ltd
Priority to CN201810399221.9A priority Critical patent/CN110414258B/en
Priority to TW108107620A priority patent/TW201945969A/en
Priority to PCT/US2019/028185 priority patent/WO2019209630A1/en
Priority to US16/388,734 priority patent/US20190332765A1/en
Publication of CN110414258A publication Critical patent/CN110414258A/en
Application granted granted Critical
Publication of CN110414258B publication Critical patent/CN110414258B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/554Detecting local intrusion or implementing counter-measures involving event detection and direct action
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31User authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45Structures or tools for the administration of authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/561Virus type analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/567Computer malware detection or handling, e.g. anti-virus arrangements using dedicated hardware
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0897Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage involving additional devices, e.g. trusted platform module [TPM], smartcard or USB
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3226Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using a predetermined code, e.g. password, passphrase or PIN
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3263Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements
    • H04L9/3268Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Virology (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Mathematical Physics (AREA)
  • Bioethics (AREA)
  • Storage Device Security (AREA)
  • Debugging And Monitoring (AREA)

Abstract

This application discloses a kind of document handling methods and system, data processing method.Wherein, this document processing method includes: the operation requests that monitoring operates file;If monitoring operation requests, the operating characteristics of operation are obtained;Operating characteristics are analyzed, determine that triggering credible chip encrypts file.Present application addresses the low and at high cost technical problems of the processing accuracy of document handling method in the prior art.

Description

Document handling method and system, data processing method
Technical field
This application involves computer safety fields, in particular to a kind of document handling method and system, data processing Method.
Background technique
The wooden horse that software is a kind of prevalence is extorted, by way of kidnapping user file, can be made encrypting the file of user User data assets or computing resource can not normal use, and as condition to user's extortionist.Once user is strangled The infection of rope software, it will usually allow computer screen to pop up prompting message, user file is claimed to be encrypted, it is desirable that branch pays ransom, this When user critical data may be already encrypted that and password only has in blackmailer's hand of distal end and has.
In order to take precautions against data by illegal encryption even extortionist, a variety of solutions are provided in the prior art: in real time Redundancy technique, when extorting software kidnapping user data, user can be restored to the last backup, so that loss is reduced, but It is this scheme to sacrifice a large amount of memory space as cost;File access control technology, each document it is a kind of to application or Several document editors, limitation only have the process of these editing machines that could modify to document editor, still, this scheme need Maintenance and management white list is wanted, cost is relatively high;Key recovery technology, extorting software realization person may deposit during realization In loophole and carelessness, file encryption key in memory is not removed, can use this to find remaining key in memory, into And restore the data that user is kidnaped, still, this scheme heavy dependence extorts the loophole that software itself is realized;Binary detection Technology, by the way that Miscellaneous Documents (including suspicious document, Unknown Applications) are submitted to cloud platform automatically, detected by feature, The modes such as virtualization execution concentrate identification, find suspicious document (may be the attack document with vulnerability exploit) and malice in time Program, still, this technology can not cope with new mutation.
For the low and at high cost problem of the processing accuracy of document handling method in the prior art, not yet propose at present effective Solution.
Summary of the invention
The embodiment of the present application provides a kind of document handling method and system, data processing method, existing at least to solve The low and at high cost technical problem of document handling method processing accuracy in technology.
According to the one aspect of the embodiment of the present application, a kind of document handling method is provided, comprising: monitoring carries out file The operation requests of operation;If monitoring operation requests, the operating characteristics of operation are obtained;Operating characteristics are analyzed, determine that triggering can Believe chip encryption file.
According to the another aspect of the embodiment of the present application, a kind of document handling system is additionally provided, comprising: file credible operation Monitoring parts, for monitoring the operation requests operated to file, if monitoring operation requests, the operation for obtaining operation is special Sign;Credible chip, for encrypting file;File credible operation monitoring component has correspondence with credible chip, is also used to point Operating characteristics are analysed, determine that triggering credible chip encrypts file.
According to the another aspect of the embodiment of the present application, a kind of storage medium is additionally provided, storage medium includes the journey of storage Sequence, wherein equipment where control storage medium executes following steps in program operation: the operation that monitoring operates file Request;If monitoring operation requests, the operating characteristics of operation are obtained;Operating characteristics are analyzed, determine that credible chip encrypts file.
According to the another aspect of the embodiment of the present application, a kind of processor is additionally provided, processor is used to run program, In, program executes following steps when running: the operation requests that monitoring operates file;If monitoring operation requests, obtain The operating characteristics of extract operation;Operating characteristics are analyzed, determine that triggering credible chip encrypts file.
According to the another aspect of the embodiment of the present application, a kind of document handling system is additionally provided, comprising: processor;And Memory is connect with processor, for providing the instruction for handling following processing step for processor: monitoring operates file Operation requests;If monitoring operation requests, the operating characteristics of operation are obtained;Operating characteristics are analyzed, determines and triggers credible core Piece encrypts file.
According to the another aspect of the embodiment of the present application, additionally provide a kind of data processing method, comprising: obtain to data into The operation requests of row operation, wherein operation requests include operation code;According to operation code, triggering credible chip encryption data is determined, Wherein, operation code corresponds to operating characteristics.
In the embodiment of the present application, the operation requests operated to file can be monitored in real time, asked when monitoring operation When asking, the operating characteristics of the available operation, and operating characteristics are analyzed, determine that triggering credible chip encrypts file, To realize that the purpose that software operates file is extorted in identification and prevention.
It is easily noted that, due to only having legitimate user to encrypt file by credible chip, just allows to execute file Covering operation or delete operation without backing up to file, are largely deposited compared with prior art without mating sacrifice Storage space stores backup file;One large and complete editing machine white list of maintenance is not needed, it is only necessary in host Can a small amount of legitimate user of operation file be managed;The new variant for extorting software can be dealt with, saving memory space is reached, is saved About management cost improves processing accuracy, promotes the technical effect of user experience.
It is low and at high cost to solve document handling method processing accuracy in the prior art for scheme provided by the present application as a result, The technical issues of.
Detailed description of the invention
The drawings described herein are used to provide a further understanding of the present application, constitutes part of this application, this Shen Illustrative embodiments and their description please are not constituted an undue limitation on the present application for explaining the application.In the accompanying drawings:
Fig. 1 is the schematic diagram according to a kind of document handling system of the embodiment of the present application 1;
Fig. 2 is the configuration diagram according to a kind of optional document handling system of the embodiment of the present application;
Fig. 3 is the flow chart according to a kind of optional document handling method of the embodiment of the present application;
Fig. 4 be according to the embodiment of the present application it is a kind of for realizing document handling method terminal (or movement set It is standby) hardware block diagram;
Fig. 5 is the flow chart according to a kind of document handling method of the embodiment of the present application 2;
Fig. 6 is the schematic diagram according to a kind of document handling apparatus of the embodiment of the present application 3;
Fig. 7 is the flow chart according to a kind of data processing method of the embodiment of the present application 4;
Fig. 8 is the schematic diagram according to a kind of data processing equipment of the embodiment of the present application 5;And
Fig. 9 is the structural block diagram according to a kind of terminal of the embodiment of the present application.
Specific embodiment
In order to make those skilled in the art more fully understand application scheme, below in conjunction in the embodiment of the present application Attached drawing, the technical scheme in the embodiment of the application is clearly and completely described, it is clear that described embodiment is only The embodiment of the application a part, instead of all the embodiments.Based on the embodiment in the application, ordinary skill people Member's every other embodiment obtained without making creative work, all should belong to the model of the application protection It encloses.
It should be noted that the description and claims of this application and term " first " in above-mentioned attached drawing, " Two " etc. be to be used to distinguish similar objects, without being used to describe a particular order or precedence order.It should be understood that using in this way Data be interchangeable under appropriate circumstances, so as to embodiments herein described herein can in addition to illustrating herein or Sequence other than those of description is implemented.In addition, term " includes " and " having " and their any deformation, it is intended that cover Cover it is non-exclusive include, for example, the process, method, system, product or equipment for containing a series of steps or units are not necessarily limited to Step or unit those of is clearly listed, but may include be not clearly listed or for these process, methods, product Or other step or units that equipment is intrinsic.
Firstly, the part noun or term that occur during the embodiment of the present application is described are suitable for following solution It releases:
Credible chip: credible chip (Trusted Computing) is to be widely used to be based in calculating and communication system Credible chip platform under hardware security module support, to improve the safety of system entirety.
Credible platform module (TPM): Trusted Platform Module can be and provide integrality and true for data The safety chip of reality guarantee is generally tied to by force computing platform by physics mode.
It extorts software: being a kind of wooden horse of prevalence, by way of kidnapping user file, can be made encrypting the file of user With data assets or computing resource can not normal use, and as condition to user's extortionist;The software of extorting of mainstream leads to Often there are two types of the modes of operation file, and one is directly encryptions to cover original, and the not no key of blackmailer, several in this case It can not restore;It is another then be first encryption ghost file, then delete original, it is in this case it is possible that extensive It is multiple.
Comentropy: Shannon has used for reference thermodynamic (al) concept, can be with the average information after redundancy is eliminated in information Referred to as " comentropy ", and give the mathematic(al) representation for calculating comentropy.
Embodiment 1
Due in the related technology, in order to take precautions against file pay through the nose software illegally encrypt it is a variety of used by even extortionist Document handling method is needed to sacrifice a large amount of memory space as cost, and cost is relatively high, and it is real that heavy dependence extorts software itself Existing loophole, and new mutation can not be coped with, cause document handling method processing accuracy low and at high cost.
In order to solve the above-mentioned technical problem, present applicant proposes a kind of document handling system, Fig. 1 is implemented according to the application The schematic diagram of a kind of document handling system of example 1, as shown in Figure 1, the system may include: file credible operation monitoring component 12 With credible chip 14.
Wherein, file credible operation monitoring component 12 is for monitoring the operation requests operated to file, if monitoring To operation requests, the operating characteristics of operation are obtained;Credible chip 14 is for encrypting file;File credible operation monitoring component, with Credible chip has correspondence, is also used to analyze operating characteristics, determines that triggering credible chip encrypts file.
Specifically, as shown in Fig. 2, possessing TPCM (is credible platform control module, Trusted Platform Control The abbreviation of Module) or TPM credible chip host operating system may include: system service, operating system nucleus interface layer, File system driver, volume driving, disk drive, bus driver and credible chip (TPCM/TPM), operating system pass through operation system System kernel interface layer and user application carry out data interaction, increase file credible in operating system kernel layer and operate monitoring unit Part, the component are used to intercept and capture all programs to the operation behavior of file, above-mentioned host can be smart phone (including Android phone and IOS mobile phone), tablet computer, IPAD, the mobile devices such as palm PC, be also possible to PC computer, notebook The computer equipments such as computer, the application are not specifically limited in this embodiment;Above-mentioned file can be cannot be by other users in host The sensitive document arbitrarily modified, deleted, is also possible to the sensitive document that user is not intended to other people arbitrarily to modify, delete, for example, right In commercial user, sensitive document can be the files such as contract documents, customer information file, if above-mentioned file pays through the nose, software is tied up Frame can bring massive losses to user;Above-mentioned operation may include: write operation, read operation, can specifically include encryption behaviour Operation, the application such as work, covering operation or delete operation are not specifically limited in this embodiment, and the concrete type of operation can be according to reality Processing needs to be defined, and different operations has different operating characteristics, and operating characteristics can characterize specifically which kind of type Operation, and whether credible chip is called to operate etc..
It should be noted that since the quantity of documents stored in host is more, it, can be only in order to promote file activity Sensitive document is monitored, and no longer All Files are monitored.
In a kind of optional scheme, in computer security application scenarios, TPCM or TPM can possessed in advance The operating system kernel layer of credible chip host increases file credible and operates monitoring part, operates monitoring part by file credible The operation requests to file are intercepted and captured, especially to the operation of sensitive document, that is, whenever file credible operation monitoring part monitoring When to the operation requests operated to sensitive document, which is intercepted, avoids operating system to this operation Request is responded.After file credible operation monitoring part intercepts operation, the operation of the available operation is special Sign, and operating characteristics are analyzed, judge whether the operation triggers credible chip encryption file, if it is determined that do not trigger, then It can determine that this time operation is illegal operation, in order to protect sensitive document, can forbid this time operating file execution, To which operating system does not respond this operation;If it is determined that triggering, then can determine this time operation be legitimate user into Capable valid operation can permit and execute this time operation to file, thus what file credible operation monitoring part release was intercepted Operation requests, operating system can respond this operation, complete corresponding operation.
Fig. 3 is according to a kind of flow chart of optional document handling method of the embodiment of the present application, below with reference to Fig. 3 to this Apply for that a kind of preferred embodiment is described in detail, as shown in figure 3, this method may include steps of:
Step S31 intercepts and captures file operation requests.
Optionally, when user operates sensitive document, initiates operation requests, file credible operates monitoring part and cuts Obtain operation requests.
Step S32 analyzes operating characteristics.
Optionally, the operating characteristics of file credible operation monitoring part analysis operation requests.
Step S33, judges whether it is write operation.
Optionally, file credible operation monitoring part judges what user needed to carry out file by analysis operating characteristics Whether operation is write operation, if it is not, that is, user needs then to enter step S34 to file progress read operation;If so, Then enter step S35.
Step S34 allows read operation.
Optionally, determine user need to file carry out read operation after, can determine this time operation be not extort it is soft The operation that part executes, therefore can permit user and read operation is carried out to file, file credible operation monitoring part asks the operation It asks and passes operating system kernel layer back and responded.
Step S35, judges whether it is cryptographic operation.
Optionally, it after determining that user needs to carry out write operation to file, is carried out in order to avoid extorting software to file Operation can further judge that user needs whether the operation carried out to file is cryptographic operation, specifically can be pre- by judging Whether the comentropy for covering the file of original document reach encryption threshold value, or passes through statistics, machine learning, pattern-recognition Method come identify covering original document content whether meet encrypted feature, to determine whether be cryptographic operation.If it is determined that not It is cryptographic operation, then enters step S36, if it is determined that is cryptographic operation, then enters step S37.
Step S36 allows covering/deletion original.
Optionally, after determining that user needs the operation carried out to file not to be cryptographic operation, it can determine and this time grasp It is not the operation for extorting software execution, can permit user and covering operation or delete operation are carried out to file, namely allow to use Family covers/deletes original, which can be passed back operating system kernel layer progress by file credible operation monitoring part Response.
Step S37 judges whether to trigger credible chip cryptographic operation.
Optionally, determine user need to file carry out cryptographic operation after, in order to avoid extort software to file into Row operation can further judge whether user passes through and credible chip acquisition file encryption key is called to carry out encryption behaviour to file Make, if it is not, then entering step S38;If it is, entering step S39.
Step S38 prevents covering/deletion original.
Optionally, determine user do not pass through call credible chip obtain file encryption key to file carry out cryptographic operation Later, it can determine that this time operation may be to extort the operation that software executes to prevent to protect the sensitive document of user User carries out covering operation or delete operation to file, namely user is prevented to cover/delete original, file credible operation monitoring Component can ignore the operation requests, or can directly abandon the operation requests, so that operating system kernel layer can not be to this Operation requests are responded.
Step S39 judges whether to be legitimate user.
Optionally, after determining that user needs to carry out write operation to file, in order to avoid illegal user carries out file Operation, can further judge whether the user is legitimate user, if it is, entering step S310;If it is not, then returning Step S38 can determine that this time operation is that the operation that illegal user carries out can prevent to protect the sensitive document of user Illegal user carries out covering operation or delete operation to file, namely illegal user is prevented to cover/delete original, file credible Operation monitoring part can ignore the operation requests, or can directly abandon the operation requests, thus operating system kernel layer The operation requests can not be responded.
It should be noted that legitimate user needs to complete following initialization:
Firstly, legitimate user (referred to as C) and file credible operate monitoring part (referred to as S) from business server cluster Platform credential issue center (referred to as PCA) and obtain respective platform credential Cert_AIKC and Cert_AIKS respectively, wherein Respective platform public key is AIKpk_C and AIKpk_S, and respective platform private key is AIKpriv_C and AIKpriv_S, respective Platform private key is stored in respective TPCM/TPM chip.PCA also has the platform credential Cert_AIKPCA and platform body of oneself The public and private key AIKpk_PCA and AIKpriv_PCA of part.C and S can obtain the platform identity public key for being intended to communication object from PCA And platform credential.
Secondly, C completes initialization registration to S, to become legitimate user, possess corresponding franchise password, and have submitted Lists of documents to be protected, wherein C is only intercepted and captured to the operation requests that file is operated in lists of documents to be protected.C can be from TPCM/TPM chip obtains the file encryption key of encryption file, and is stored in credible chip.
It should also be noted that, checking that encrypted file, C can be obtained from TPCM/TPM chip and be solved in order to facilitate user The file decryption key of ciphertext part, and be stored in credible chip.
Step S310 inputs proper password password.
Optionally, determine need the user that file is operated be legitimate user after, in order to ensure legitimate user Valid operation is carried out to file, file credible operation monitoring part can allow user to input password password, namely the legal use of input The franchise password possessed after the registration of family.
Step S311 judges whether password password is correct.
Optionally, file credible operation monitoring part judges whether the password password of user's input is correct, namely judgement is used Whether the franchise password possessed after the password password and legitimate user registrations of family input is identical, if identical, it is determined that password mouth It enables correctly, S36 can be entered step, determine that this time operation is not to extort the operation of software execution, can permit user to file Covering operation or delete operation are carried out, namely user is allowed to cover/delete original, file credible operates monitoring part and can incite somebody to action The operation requests are passed operating system kernel layer back and are responded;If it is not the same, then determining password password mistake, step can be entered Rapid S38 can prevent user from carrying out covering operation or delete operation, namely resistance to file to protect the sensitive document of user Only user covers/deletes original, and file credible operation monitoring part can ignore the operation requests, or can directly abandon The operation requests, so that operating system kernel layer can not respond the operation requests.
Scheme provided by the above embodiments of the present application 1 can monitor the operation requests operated to file in real time, when When monitoring operation requests, the operating characteristics of the available operation, and operating characteristics are analyzed, it determines and triggers credible core Piece encrypts file, to realize that the purpose that software operates file is extorted in identification and prevention.
It is easily noted that, due to only having legitimate user to encrypt file by credible chip, just allows to execute file Covering operation or delete operation without backing up to file, are largely deposited compared with prior art without mating sacrifice Storage space stores backup file;One large and complete editing machine white list of maintenance is not needed, it is only necessary in host Can a small amount of legitimate user of operation file be managed;The new variant for extorting software can be dealt with, saving memory space is reached, is saved About management cost improves processing accuracy, promotes the technical effect of user experience.
It is quasi- to solve document handling method processing in the prior art for the scheme of above-described embodiment 1 provided by the present application as a result, The low and at high cost technical problem of exactness.
In the above embodiments of the present application, file credible operation monitoring component is also used to judge whether triggering credible chip to text Part carries out cryptographic operation, and credible chip is used for key encryption or decryption file using storage inside, wherein if triggering is credible Chip carries out cryptographic operation to file, it is determined that triggering credible chip encrypts file, and executing allows legitimate user to hold file The step of row valid operation, carries out cryptographic operation to file if not triggering credible chip, it is determined that do not trigger credible chip and add Ciphertext part, and execute and forbid the step of valid operation is executed to file.
Specifically, above-mentioned credible chip can be credible chip as shown in Figure 2, and credible chip storage inside has to text Part carries out the separate keys of cryptographic operation or decryption oprerations, by calling credible chip that can trigger credible chip independent encryption File carries out cryptographic operation, covering operation or delete operation to file;Above-mentioned legitimate user can be the owner of file, Or possess the user of operating privilege, only legitimate user can carry out encryption behaviour to sensitive document by triggering credible chip The operations such as work, covering operation or delete operation.
It should be noted that since the essence for extorting software is that illegal user is added using the soft file to user is extorted After close, original document covered using encrypted file, or original document is deleted, therefore, for sensitive document, only closed Method user can carry out cryptographic operation, covering operation or delete to grasp by calling credible chip to obtain file encryption key to file Make, that is, executing valid operation.
In a kind of optional scheme, as shown in step S37 to step S39 in Fig. 3, based on the essence for extorting software, it is It avoids extorting software and file is operated, can analyze the operating characteristics of operation, trigger credible chip by judging whether Cryptographic operation is carried out to file, to determine whether triggering credible chip encrypts file.If it is determined that triggering credible chip is to file Carry out cryptographic operation, it is determined that triggering credible chip encrypts file, so as to allow legitimate user to carry out covering behaviour to file Work or delete operation, namely user is allowed to cover/delete original, file credible operates monitoring part can be by the operation requests Operating system kernel layer is passed back to be responded.Cryptographic operation is carried out to file if it is determined that not triggering credible chip, it is determined that not It triggers credible chip and encrypts file, can determine that this time operation may be to extort the operation of software execution, in order to protect user's Sensitive document can prevent user from carrying out covering operation or delete operation to file, namely prevent user cover/delete original text Part, file credible operation monitoring part can ignore the operation requests, or can directly abandon the operation requests, to operate System kernel layer can not respond the operation requests.
It should be noted that calling the file encryption stored in credible chip after triggering credible chip encryption file Key-pair file is encrypted, and in order to open encrypted file, can trigger credible chip, call in credible chip with file File is decrypted in the corresponding file decryption key of encryption key.
In the above embodiments of the present application, file credible operation monitoring component is also used to judging whether that triggering credible chip adds Before ciphertext part, judge whether the operating characteristics of operation are encryption behavior, if it is determined that operating characteristics belong to encryption behavior, judgement Whether credible chip encryption file is triggered.
In a kind of optional scheme, as shown in step S35 in Fig. 3 and step S37, based on the essence for extorting software, it is It avoids extorting software and file is operated, can first judge that user needs whether the operation carried out to file is encryption behaviour Make, after determining that user needs to carry out cryptographic operation to file, can further judge whether user passes through and call credible core Piece obtains file encryption key and carries out cryptographic operation to file, so that whether judgement this time operation is the behaviour for extorting software progress Make.
In the above embodiments of the present application, file credible operation monitoring component is also used to obtain the comentropy of file destination, sentences Whether disconnected comentropy reaches encryption threshold value, if it is determined that comentropy reaches encryption threshold value, it is determined that operating characteristics belong to encryption row Threshold value is not up to encrypted for, if it is determined that comentropy, it is determined that operating characteristics are not belonging to encryption behavior, wherein file destination is The file that file is covered.
Specifically, above-mentioned file destination can be intended to the file of covering original document;Above-mentioned encryption threshold value can be Encrypt the standard value of the comentropy of file.
In a kind of optional scheme, in order to judge whether user needs to carry out cryptographic operation to file, desire can be calculated Whether the comentropy for covering the file of original document reaches the standard value for encrypting the comentropy of file, if reached, it is determined that cover The file of lid original document is encryption file, that is, can determine that user needs to carry out cryptographic operation to file, it otherwise can be true Determine user not needing to carry out cryptographic operation to file.
In the above embodiments of the present application, file credible operation monitoring component is also used to obtain object content, judges in target Hold and whether meet encrypted feature, if it is determined that object content meets encrypted feature, it is determined that operating characteristics belong to encryption behavior, such as Fruit determines that object content does not meet encrypted feature, it is determined that operating characteristics are not belonging to encryption behavior, wherein object content is to text The content that part is covered.
Specifically, above-mentioned encrypted feature can be the feature of the content of encryption file.
In a kind of optional scheme, in order to judge whether user needs to carry out cryptographic operation to file, system can be passed through Meter, machine learning, pattern-recognition method identify whether the content of original document to be covered meets encrypted feature, if accorded with It closes, it is determined that cover the file of original document for encryption file, that is, can determine that user needs to carry out encryption behaviour to file Make, otherwise can determine that user does not need to carry out cryptographic operation to file.
In the above embodiments of the present application, file credible operation monitoring component is also used to determining that operating characteristics are not belonging to encrypt In the case where behavior, execution allows the step of executing valid operation to file.
In a kind of optional scheme, as shown in step S36 in Fig. 3, determining that user do not need to encrypt file After operation, it can determine that this time operation is not to extort the operation of software execution, can permit user and covering behaviour is carried out to file Work or delete operation, namely user is allowed to cover/delete original, file credible operates monitoring part can be by the operation requests Operating system kernel layer is passed back to be responded.
In the above embodiments of the present application, processing unit is also used to judge whether operation is write operation, if it is determined that operation is Write operation then judges whether the operating characteristics of operation are encryption behavior, if it is determined that operation is read operation, then executing allows to text Part executes the step of read operation.
In a kind of optional scheme, as shown in the step S33 to step S35 in Fig. 3, based on the essence for extorting software, File credible, which operates monitoring part, can judge whether user needs to carry out write operation to file, such as by analyzing operating characteristics Fruit is operated in order to avoid extorting software to file, needs further to judge whether write operation is cryptographic operation;If no It is that is, user needs to carry out read operation to file, then can determine that this time operation is not to extort the operation of software execution, because This can permit user and carries out read operation to file, and file credible operation monitoring part passes the operation requests in operating system back Stratum nucleare is responded.
In the above embodiments of the present application, file credible operation monitoring component is also used to obtain the password mouth of legitimate user's input It enables, judges whether password password is correct, if it is determined that password password is correct, then executing allows legitimate user legal to file execution The step of operation, if it is determined that password password mistake then executes and forbids the step of executing valid operation to file.
In a kind of optional scheme, as shown in step S310 in Fig. 3 and step S311, in order to ensure legitimate user is to text Part carries out valid operation, and file credible operation monitoring part can allow legitimate user to input password password, and judge that user inputs Password password and franchise password it is whether identical, if identical, it is determined that password password is correct, can determine that this time operation is not The operation for extorting software execution can permit user and carry out covering operation or delete operation to file, namely allow user cover/ Original is deleted, file credible operation monitoring part can pass the operation requests back operating system kernel layer and respond;Such as Fruit is not identical, it is determined that password password mistake can prevent user from covering file to protect the sensitive document of user Operation or delete operation, namely user is prevented to cover/delete original, file credible operation monitoring part can ignore the operation Request, or the operation requests can be directly abandoned, so that operating system kernel layer can not respond the operation requests.
In the above embodiments of the present application, processing unit is also used to obtain the registration request of legitimate user, generates legitimate user Franchise password, and receive legitimate user transmission listed files, wherein operation requests be in listed files file carry out The request of operation.
Specifically, above-mentioned listed files can be intended to protection lists of documents, be provided by legitimate user.
In a kind of optional scheme, legitimate user needs to operate monitoring part to file credible and completes initialization registration, To become legitimate user, possess corresponding franchise password, and have submitted lists of documents to be protected, wherein file credible operation Monitoring part is only intercepted and captured to the operation requests that file is operated in lists of documents to be protected.
It should be noted that file credible operation monitoring part can obtain the file of encryption file from TPCM/TPM chip Encryption key, and be stored in credible chip.
In the above embodiments of the present application, it is flat that file credible operation monitoring part is also used to issue center acquisition from platform credential Platform certificate, and platform credential is stored in credible chip, wherein platform credential includes: the platform credential and text of legitimate user The platform credential of part trusted operations monitoring parts.
Specifically, the platform credential that the above-mentioned platform credential center of issuing can be service server cluster issues center, It is stored with the platform credential of legitimate user and file credible operation monitoring part.
In a kind of optional scheme, legitimate user (referred to as C) and file credible operation monitoring part (referred to as S) from The platform credential of service server cluster issue center (referred to as PCA) obtain respectively respective platform credential Cert_AIKC and Cert_AIKS, wherein respective platform public key be AIKpk_C and AIKpk_S, respective platform private key be AIKpriv_C and AIKpriv_S, respective platform private key are stored in respective TPCM/TPM chip.PCA also has the platform credential Cert_ of oneself The AIKPCA and public and private key AIKpk_PCA and AIKpriv_PCA of platform identity.It is intended to lead to moreover, C and S can be obtained from PCA Believe the platform identity public key and platform credential of object.
Embodiment 2
According to the embodiment of the present application, a kind of embodiment of document handling method is additionally provided, it should be noted that in attached drawing Process the step of illustrating can execute in a computer system such as a set of computer executable instructions, although also, Logical order is shown in flow charts, but in some cases, can be executed with the sequence for being different from herein it is shown or The step of description.
Embodiment of the method provided by the embodiment of the present application one can be in mobile terminal, terminal or similar fortune It calculates and is executed in device.Fig. 4 shows a kind of hardware of terminal (or mobile device) for realizing document handling method Structural block diagram.As shown in figure 4, terminal 40 (or mobile device 40) may include it is one or more (in figure using 402a, 402b ... ..., 402n are shown) (processor 402 can include but is not limited to Micro-processor MCV or programmable patrols processor 402 The processing unit of volume device FPGA etc.), memory 404 for storing data and the transmitting device for communication function 406.It in addition to this, can also include: display, input/output interface (I/O interface), the port universal serial bus (USB) (a port that can be used as in the port of I/O interface is included), network interface, power supply and/or camera.The common skill in this field Art personnel are appreciated that structure shown in Fig. 4 is only to illustrate, and do not cause to limit to the structure of above-mentioned electronic device.For example, Terminal 40 may also include the more perhaps less component than shown in Fig. 4 or match with different from shown in Fig. 4 It sets.
It is to be noted that said one or multiple processors 402 and/or other data processing circuits lead to herein Can often " data processing circuit " be referred to as.The data processing circuit all or part of can be presented as software, hardware, firmware Or any other combination.In addition, data processing circuit for single independent judgment module or all or part of can be integrated to meter In any one in other elements in calculation machine terminal 40 (or mobile device).As involved in the embodiment of the present application, The data processing circuit controls (such as the selection for the variable resistance end path connecting with interface) as a kind of processor.
Memory 404 can be used for storing the software program and module of application software, such as the file in the embodiment of the present application Corresponding program instruction/the data storage device of processing method, the software that processor 402 is stored in memory 404 by operation Program and module realize above-mentioned document handling method thereby executing various function application and data processing.Memory 404 may include high speed random access memory, may also include nonvolatile memory, and such as one or more magnetic storage device dodges It deposits or other non-volatile solid state memories.In some instances, memory 404 can further comprise relative to processor 402 remotely located memories, these remote memories can pass through network connection to terminal 40.The reality of above-mentioned network Example includes but is not limited to internet, intranet, local area network, mobile radio communication and combinations thereof.
Transmitting device 406 is used to that data to be received or sent via a network.Above-mentioned network specific example may include The wireless network that the communication providers of terminal 40 provide.In an example, transmitting device 406 includes that a network is suitable Orchestration (Network Interface Controller, NIC), can be connected by base station with other network equipments so as to Internet is communicated.In an example, transmitting device 106 can be radio frequency (Radio Frequency, RF) module, For wirelessly being communicated with internet.
Display can such as touch-screen type liquid crystal display (LCD), the liquid crystal display aloow user with The user interface of terminal 40 (or mobile device) interacts.
Herein it should be noted that in some optional embodiments, above-mentioned computer equipment shown in Fig. 4 (or movement is set It is standby) it may include hardware element (including circuit), software element (including the computer generation that may be stored on the computer-readable medium Code) or both hardware element and software element combination.It should be pointed out that Fig. 1 is only a reality of particular embodiment Example, and it is intended to show that the type for the component that may be present in above-mentioned computer equipment (or mobile device).
Under above-mentioned running environment, this application provides document handling methods as shown in Figure 5.Fig. 5 is according to the application A kind of flow chart of document handling method of embodiment 2.As shown in figure 5, this method may include steps of:
Step S52 monitors the operation requests operated to file.
Specifically, file credible can be increased in the operating system kernel layer for possessing the host of TPCM or TPM credible chip Monitoring part is operated, which is used to intercept and capture all programs to the operation behavior of file, and above-mentioned host can be smart phone The mobile devices such as (including Android phone and IOS mobile phone), tablet computer, IPAD, palm PC, are also possible to PC computer, pen Remember that the computer equipments such as this computer, the application are not specifically limited in this embodiment;Above-mentioned file can be cannot be by other in host The sensitive document that user arbitrarily modifies, deletes is also possible to the sensitive document that user is not intended to other people arbitrarily to modify, delete, example Such as, for commercial user, sensitive document can be the files such as contract documents, customer information file, if above-mentioned file pays through the nose Software kidnapping, can bring massive losses to user;Above-mentioned operation may include: write operation, read operation, can specifically include and adds Operation, the application such as close operation, covering operation or delete operation are not specifically limited in this embodiment, and the concrete type of operation can basis Actual treatment needs are defined.
Step S54 obtains the operating characteristics of operation if monitoring operation requests.
Specifically, different operations has different operating characteristics, and operating characteristics can characterize specifically which type of Operation, and whether credible chip is called to operate etc..
Step S56 analyzes operating characteristics, determines that triggering credible chip encrypts file.
It should be noted that since the quantity of documents stored in host is more, it, can be only in order to promote file activity Sensitive document is monitored, and no longer All Files are monitored.
In a kind of optional scheme, in computer security application scenarios, TPCM or TPM can possessed in advance The operating system kernel layer of credible chip host increases file credible and operates monitoring part, operates monitoring part by file credible The operation requests to file are intercepted and captured, especially to the operation of sensitive document, that is, whenever file credible operation monitoring part monitoring When to the operation requests operated to sensitive document, which is intercepted, avoids operating system to this operation Request is responded.After file credible operation monitoring part intercepts operation, the operation of the available operation is special Sign, and operating characteristics are analyzed, judge whether the operation triggers credible chip encryption file, if it is determined that do not trigger, then It can determine that this time operation is illegal operation, in order to protect sensitive document, can forbid this time operating file execution, To which operating system does not respond this operation;If it is determined that triggering, then can determine this time operation be legitimate user into Capable valid operation can permit and execute this time operation to file, thus what file credible operation monitoring part release was intercepted Operation requests, operating system can respond this operation, complete corresponding operation.
Scheme provided by the above embodiments of the present application 2 can monitor the operation requests operated to file in real time, when When monitoring operation requests, the operating characteristics of the available operation, and operating characteristics are analyzed, it determines and triggers credible core Piece encrypts file, to realize that the purpose that software operates file is extorted in identification and prevention.
It is easily noted that, due to only having legitimate user to encrypt file by credible chip, just allows to execute file Covering operation or delete operation without backing up to file, are largely deposited compared with prior art without mating sacrifice Storage space stores backup file;One large and complete editing machine white list of maintenance is not needed, it is only necessary in host Can a small amount of legitimate user of operation file be managed;The new variant for extorting software can be dealt with, saving memory space is reached, is saved About management cost improves processing accuracy, promotes the technical effect of user experience.
It is quasi- to solve document handling method processing in the prior art for the scheme of above-described embodiment 2 provided by the present application as a result, The low and at high cost technical problem of exactness.
In the above embodiments of the present application, step S56 analyzes operating characteristics, determines that triggering credible chip encrypts file, can be with Include the following steps:
Step S562 judges whether that triggering credible chip carries out cryptographic operation to file, and credible chip is used for using internal The key of storage encrypts or decryption file.
Wherein, if triggering credible chip carries out cryptographic operation to file, it is determined that triggering credible chip encrypts file, and Execute the step of allowing legitimate user to execute valid operation to file;Encryption behaviour is carried out to file if not triggering credible chip Make, it is determined that do not trigger credible chip encryption file, and execute and forbid the step of valid operation is executed to file.
Specifically, above-mentioned credible chip can be credible chip as shown in Figure 2, and credible chip storage inside has to text Part carries out the separate keys of cryptographic operation or decryption oprerations, by calling credible chip that can trigger credible chip encryption text Part carries out cryptographic operation, covering operation or delete operation to file;Above-mentioned legitimate user can be the owner of file, or Person possesses the user of operating privilege, only legitimate user can by triggering credible chip to sensitive document carry out cryptographic operation, The operation such as covering operation or delete operation.
It should be noted that since the essence for extorting software is that illegal user is added using the soft file to user is extorted After close, original document covered using encrypted file, or original document is deleted, therefore, for sensitive document, only closed Method user can carry out cryptographic operation, covering operation or delete to grasp by calling credible chip to obtain file encryption key to file Make, that is, executing valid operation.
In a kind of optional scheme, as shown in step S37 to step S39 in Fig. 3, based on the essence for extorting software, it is It avoids extorting software and file is operated, can analyze the operating characteristics of operation, trigger credible chip by judging whether Cryptographic operation is carried out to file, to determine whether triggering credible chip encrypts file.If it is determined that triggering credible chip is to file Carry out cryptographic operation, it is determined that triggering credible chip encrypts file, so as to allow legitimate user to carry out covering behaviour to file Work or delete operation, namely user is allowed to cover/delete original, file credible operates monitoring part can be by the operation requests Operating system kernel layer is passed back to be responded.Cryptographic operation is carried out to file if it is determined that not triggering credible chip, it is determined that not It triggers credible chip and encrypts file, can determine that this time operation may be to extort the operation of software execution, in order to protect user's Sensitive document can prevent user from carrying out covering operation or delete operation to file, namely prevent user cover/delete original text Part, file credible operation monitoring part can ignore the operation requests, or can directly abandon the operation requests, to operate System kernel layer can not respond the operation requests.
It should be noted that calling the file encryption stored in credible chip after triggering credible chip encryption file Key-pair file is encrypted, and in order to open encrypted file, can trigger credible chip, call in credible chip with file File is decrypted in the corresponding file decryption key of encryption key.
In the above embodiments of the present application, in step S56, before judging whether to trigger credible chip encryption file, this method It can also include the following steps:
Step S510 judges whether the operating characteristics of operation are encryption behavior.
Step S512, if it is determined that operating characteristics belong to encryption behavior, judge whether to trigger credible chip encryption file.
In a kind of optional scheme, as shown in step S35 in Fig. 3 and step S37, based on extort software essence in order to It avoids extorting software and file is operated, can first judge that user needs whether the operation carried out to file is cryptographic operation, After determining that user needs to carry out cryptographic operation to file, it can further judge whether user passes through and credible chip is called to obtain File encryption key is taken to carry out cryptographic operation to file, so that whether judgement this time operation is the operation for extorting software progress.
In the above embodiments of the present application, step S510 judges whether the operating characteristics of operation are encryption behavior, may include Following steps:
Step S5101 obtains the comentropy of file destination, wherein file destination is the file covered to file.
Specifically, above-mentioned file destination can be intended to the file of covering original document.
Step S5102, judges whether comentropy reaches encryption threshold value.
Specifically, above-mentioned encryption threshold value can be the standard value of the comentropy of encryption file.
Step S5103, if it is determined that comentropy reaches encryption threshold value, it is determined that operating characteristics belong to encryption behavior.
Step S5104, if it is determined that comentropy not up to encrypts threshold value, it is determined that operating characteristics are not belonging to encryption behavior.
In a kind of optional scheme, in order to judge whether user needs to carry out cryptographic operation to file, desire can be calculated Whether the comentropy for covering the file of original document reaches the standard value for encrypting the comentropy of file, if reached, it is determined that cover The file of lid original document is encryption file, that is, can determine that user needs to carry out cryptographic operation to file, it otherwise can be true Determine user not needing to carry out cryptographic operation to file.
In the above embodiments of the present application, step S510 judges whether the operating characteristics of operation are encryption behavior, may include Following steps:
Step S5106 obtains object content, wherein object content is the content covered to file.
Step S5107, judges whether object content meets encrypted feature.
Specifically, above-mentioned encrypted feature can be the feature of the content of encryption file.
Step S5108, if it is determined that object content meets encrypted feature, it is determined that operating characteristics belong to encryption behavior.
Step S5109, if it is determined that object content does not meet encrypted feature, it is determined that operating characteristics are not belonging to encryption row For.
In a kind of optional scheme, in order to judge whether user needs to carry out cryptographic operation to file, system can be passed through Meter, machine learning, pattern-recognition method identify whether the content of original document to be covered meets encrypted feature, if accorded with It closes, it is determined that cover the file of original document for encryption file, that is, can determine that user needs to carry out encryption behaviour to file Make, otherwise can determine that user does not need to carry out cryptographic operation to file.
In the above embodiments of the present application, in the case where determining that operating characteristics are not belonging to encryption behavior, execution allows to text Part executes the step of valid operation.
In a kind of optional scheme, as shown in step S36 in Fig. 3, determining that user do not need to encrypt file After operation, it can determine that this time operation is not to extort the operation of software execution, can permit user and covering behaviour is carried out to file Work or delete operation, namely user is allowed to cover/delete original, file credible operates monitoring part can be by the operation requests Operating system kernel layer is passed back to be responded.
It,, should before whether the operating characteristics for judging operation are encryption behavior in step S510 in the above embodiments of the present application Method can also include the following steps:
Step S514 judges whether operation is write operation.
Step S516, if it is determined that operation is write operation, then judges whether the operating characteristics of operation are encryption behavior.
Step S518, if it is determined that operation is read operation, then executing allows the step of executing read operation to file.
In a kind of optional scheme, as shown in the step S33 to step S35 in Fig. 3, based on the essence for extorting software, File credible, which operates monitoring part, can judge whether user needs to carry out write operation to file, such as by analyzing operating characteristics Fruit is operated in order to avoid extorting software to file, needs further to judge whether write operation is cryptographic operation;If no It is that is, user needs to carry out read operation to file, then can determine that this time operation is not to extort the operation of software execution, because This can permit user and carries out read operation to file, and file credible operation monitoring part passes the operation requests in operating system back Stratum nucleare is responded.
In the above embodiments of the present application, in step S58, before allowing legitimate user to execute valid operation to file, the party Method can also include the following steps:
Step S520 obtains the password password of legitimate user's input.
Step S522 judges whether password password is correct.
Step S524, if it is determined that password password is correct, then executing allows legitimate user to execute valid operation to file Step.
Step S526, if it is determined that password password mistake then executes and forbids the step of executing valid operation to file.
In a kind of optional scheme, as shown in step S310 in Fig. 3 and step S311, in order to ensure legitimate user is to text Part carries out valid operation, and file credible operation monitoring part can allow legitimate user to input password password, and judge that user inputs Password password and franchise password it is whether identical, if identical, it is determined that password password is correct, can determine that this time operation is not The operation for extorting software execution can permit user and carry out covering operation or delete operation to file, namely allow user cover/ Original is deleted, file credible operation monitoring part can pass the operation requests back operating system kernel layer and respond;Such as Fruit is not identical, it is determined that password password mistake can prevent user from covering file to protect the sensitive document of user Operation or delete operation, namely user is prevented to cover/delete original, file credible operation monitoring part can ignore the operation Request, or the operation requests can be directly abandoned, so that operating system kernel layer can not respond the operation requests.
In the above embodiments of the present application, before step S520, the password password for obtaining legitimate user's input, this method is also It may include steps of:
Step S528 obtains the registration request of legitimate user.
Step S530 generates the franchise password of legitimate user.
Step S532 receives the listed files that legitimate user sends, wherein operation requests are to the file in listed files The request operated.
Specifically, above-mentioned listed files can be intended to protection lists of documents, be provided by legitimate user.
In a kind of optional scheme, legitimate user needs to operate monitoring part to file credible and completes initialization registration, To become legitimate user, possess corresponding franchise password, and have submitted lists of documents to be protected, wherein file credible operation Monitoring part is only intercepted and captured to the operation requests that file is operated in lists of documents to be protected.
It should be noted that file credible operation monitoring part can obtain the file of encryption file from TPCM/TPM chip Encryption key, and be stored in credible chip.
In the above embodiments of the present application, before step S528, the registration request for obtaining legitimate user, this method can be with Include the following steps:
Step S534 issues center from platform credential and obtains platform credential, wherein platform credential includes: legitimate user's The platform credential of platform credential and file credible operation monitoring component.
Specifically, the platform credential that the above-mentioned platform credential center of issuing can be service server cluster issues center, It is stored with the platform credential of legitimate user and file credible operation monitoring part.
Step S536, platform credential is stored in credible chip.
In a kind of optional scheme, legitimate user (referred to as C) and file credible operation monitoring part (referred to as S) from The platform credential of service server cluster issue center (referred to as PCA) obtain respectively respective platform credential Cert_AIKC and Cert_AIKS, wherein respective platform public key be AIKpk_C and AIKpk_S, respective platform private key be AIKpriv_C and AIKpriv_S, respective platform private key are stored in respective TPCM/TPM chip.PCA also has the platform credential Cert_ of oneself The AIKPCA and public and private key AIKpk_PCA and AIKpriv_PCA of platform identity.It is intended to lead to moreover, C and S can be obtained from PCA Believe the platform identity public key and platform credential of object.
It should be noted that for the various method embodiments described above, for simple description, therefore, it is stated as a series of Combination of actions, but those skilled in the art should understand that, the application is not limited by the described action sequence because According to the application, some steps may be performed in other sequences or simultaneously.Secondly, those skilled in the art should also know It knows, the embodiments described in the specification are all preferred embodiments, related actions and modules not necessarily the application It is necessary.
Through the above description of the embodiments, those skilled in the art can be understood that according to above-mentioned implementation The method of example can be realized by means of software and necessary general hardware platform, naturally it is also possible to by hardware, but it is very much In the case of the former be more preferably embodiment.Based on this understanding, the technical solution of the application is substantially in other words to existing The part that technology contributes can be embodied in the form of software products, which is stored in a storage In medium (such as ROM/RAM, magnetic disk, CD), including some instructions are used so that a terminal device (can be mobile phone, calculate Machine, server or network equipment etc.) execute method described in each embodiment of the application.
Embodiment 3
According to the embodiment of the present application, additionally provide it is a kind of for implementing the document handling apparatus of above-mentioned document handling method, As shown in fig. 6, the device 600 includes: monitoring module 602, obtains module 604 and determining module 606.
Wherein, monitoring module 602 is for monitoring the operation requests operated to file;If obtaining module 604 to be used for Operation requests are monitored, the operating characteristics of operation are obtained;Determining module 606 determines for analyzing operating characteristics and triggers credible core Piece encrypts file.
Specifically, file credible can be increased in the operating system kernel layer for possessing the host of TPCM or TPM credible chip Monitoring part is operated, which is used to intercept and capture all programs to the operation behavior of file, and above-mentioned host can be smart phone The mobile devices such as (including Android phone and IOS mobile phone), tablet computer, IPAD, palm PC, are also possible to PC computer, pen Remember that the computer equipments such as this computer, the application are not specifically limited in this embodiment;Above-mentioned file can be cannot be by other in host The sensitive document that user arbitrarily modifies, deletes is also possible to the sensitive document that user is not intended to other people arbitrarily to modify, delete, example Such as, for commercial user, sensitive document can be the files such as contract documents, customer information file, if above-mentioned file pays through the nose Software kidnapping, can bring massive losses to user;Above-mentioned operation may include: write operation, read operation, can specifically include and adds Operation, the application such as close operation, covering operation or delete operation are not specifically limited in this embodiment, and the concrete type of operation can basis Actual treatment needs are defined, and different operations have a different operating characteristics, operating characteristics can characterize specifically which kind of The operation of type, and whether credible chip is called to operate etc..
Herein it should be noted that above-mentioned monitoring module 602, acquisition module 604 and determining module 606 correspond to embodiment Step S52 to step S56 in 2, three modules are identical as example and application scenarios that corresponding step is realized, but are not limited to 2 disclosure of that of above-described embodiment.It should be noted that above-mentioned module may operate in embodiment as a part of device In 2 terminals 10 provided.
Scheme provided by the above embodiments of the present application 3 can monitor the operation requests operated to file in real time, when When monitoring operation requests, the operating characteristics of the available operation, and operating characteristics are analyzed, it determines and triggers credible core Piece encrypts file, to realize that the purpose that software operates file is extorted in identification and prevention.
It is easily noted that, due to only having legitimate user to encrypt file by credible chip, just allows to execute file Covering operation or delete operation without backing up to file, are largely deposited compared with prior art without mating sacrifice Storage space stores backup file;One large and complete editing machine white list of maintenance is not needed, it is only necessary in host Can a small amount of legitimate user of operation file be managed;The new variant for extorting software can be dealt with, saving memory space is reached, is saved About management cost improves processing accuracy, promotes the technical effect of user experience.
It is quasi- to solve document handling method processing in the prior art for the scheme of above-described embodiment 3 provided by the present application as a result, The low and at high cost technical problem of exactness.
In the above embodiments of the present application, judgment module is also used to judge whether that triggering credible chip carries out encryption behaviour to file Make, credible chip is used for key encryption or decryption file using storage inside;If execution module is also used to trigger credible core Piece carries out cryptographic operation to file, it is determined that triggering credible chip encrypts file, and executing allows legitimate user to execute file The step of valid operation, carries out cryptographic operation to file if not triggering credible chip, it is determined that do not trigger credible chip encryption File, and execute and forbid the step of valid operation is executed to file.
In the above embodiments of the present application, judgment module is also used to judge whether the operating characteristics of operation are encryption behavior, such as Fruit determines that operating characteristics belong to encryption behavior, judges whether to trigger credible chip encryption file.
In the above embodiments of the present application, judgment module includes: acquiring unit, judging unit and determination unit.
Wherein, acquiring unit is used to obtain the comentropy of file destination, wherein file destination covers file File;Judging unit is for judging whether comentropy reaches encryption threshold value;Determination unit be used for if it is determined that comentropy reach plus Close threshold value, it is determined that operating characteristics belong to encryption behavior, if it is determined that comentropy not up to encrypts threshold value, it is determined that operating characteristics It is not belonging to encryption behavior.
In the above embodiments of the present application, judgment module includes: acquiring unit, judging unit and determination unit.
Wherein, acquiring unit is for obtaining object content, wherein object content is the content covered to file;Sentence Disconnected unit is for judging whether object content meets encrypted feature;Determination unit is used for if it is determined that object content meets encryption spy Sign, it is determined that operating characteristics belong to encryption behavior, if it is determined that object content does not meet encrypted feature, it is determined that operating characteristics are not Belong to encryption behavior.
In the above embodiments of the present application, execution module is also used to determining the case where operating characteristics are not belonging to encryption behavior Under, execution allows the step of executing valid operation to file.
In the above embodiments of the present application, judgment module is also used to judge whether operation is write operation, if it is determined that operation is Write operation then judges whether to trigger credible chip encryption file;Execution module is also used to if it is determined that operating is read operation, then is held Row allows the step of executing read operation to file.
In the above embodiments of the present application, the password password that module is also used to obtain legitimate user's input is obtained;Judgment module For judging whether password password is correct;Execution module is also used to if it is determined that password password is correct, then executing allows legal use The step of family executes valid operation to file, if it is determined that password password mistake then executes and forbids executing valid operation to file The step of.
In the above embodiments of the present application, the device further include: generation module and receiving module.
Wherein, the registration request that module is also used to obtain legitimate user is obtained;Generation module is for generating legitimate user's Franchise password;Receiving module, for receiving the listed files of legitimate user's transmission, wherein operation requests are in listed files The request that is operated of file.
In the above embodiments of the present application, the device further include: memory module.
Wherein, it obtains module and is also used to issue center from platform credential and obtain platform credential, wherein platform credential includes: The platform credential of legitimate user and the platform credential of file credible operation monitoring component;Memory module is also used to deposit platform credential Storage is in credible chip.
Embodiment 4
According to the embodiment of the present application, a kind of embodiment of data processing method is additionally provided, it should be noted that in attached drawing Process the step of illustrating can execute in a computer system such as a set of computer executable instructions, although also, Logical order is shown in flow charts, but in some cases, can be executed with the sequence for being different from herein it is shown or The step of description.
Fig. 7 is the flow chart according to a kind of data processing method of the embodiment of the present application 4.As shown in fig. 7, this method can be with Include the following steps:
Step S72 obtains the operation requests operated to data, wherein operation requests include operation code.
Specifically, file credible can be increased in the operating system kernel layer for possessing the host of TPCM or TPM credible chip Monitoring part is operated, which is used to intercept and capture all programs to the operation behavior of file, and above-mentioned host can be smart phone The mobile devices such as (including Android phone and IOS mobile phone), tablet computer, IPAD, palm PC, are also possible to PC computer, pen Remember that the computer equipments such as this computer, the application are not specifically limited in this embodiment;Above-mentioned data can be stored in cannot in host The data in sensitive document arbitrarily modified by other users, deleted, are also possible to user and other people are not intended to arbitrarily to modify, delete Sensitive document in data, for example, sensitive document can be the texts such as contract documents, customer information file for commercial user Data in part, if file pays through the nose, software kidnapping leads to not read data or data and be tampered to lead to error in data, Massive losses will be brought to user;Above-mentioned operation may include: write operation, read operation, can specifically include cryptographic operation, Operation, the application such as covering operation or delete operation are not specifically limited in this embodiment, and the concrete type of operation can be according to practical place Reason needs to be defined;The operation of each type is corresponding with an operation code in operating system, and operating system is receiving behaviour After requesting, it is which type of can to determine that user needs specifically to carry out data according to the operation code for including in operation requests Operation.
Step S74 determines triggering credible chip encryption data, wherein it is special that operation code corresponds to operation according to operation code Sign.
Specifically, different operations has different operating characteristics, and operating characteristics can characterize specifically which type of Operation, and whether credible chip is called to operate etc., according to the operation code in operation requests, it can determine corresponding operation Feature may further determine and need to carry out which type of operation.
It should be noted that above-mentioned data can be the data of storage hereof, carrying out operation to data be can be File is operated, is illustrated for being operated to file in the embodiment of the present application.Due to what is stored in host Quantity of documents is more, in order to promote file activity, can only be monitored to sensitive document, and no longer to All Files into Row monitoring.
In a kind of optional scheme, in computer security application scenarios, TPCM or TPM can possessed in advance The operating system kernel layer of credible chip host increases file credible and operates monitoring part, operates monitoring part by file credible The operation requests to file are intercepted and captured, especially to the operation of sensitive document, that is, whenever file credible operation monitoring part monitoring When to the operation requests operated to sensitive document, which is intercepted, avoids operating system to this operation Request is responded.After file credible operation monitoring part intercepts operation, the operation of the available operation is special Sign, and operating characteristics are analyzed, judge whether the operation triggers credible chip encryption file, if it is determined that do not trigger, then It can determine that this time operation is illegal operation, in order to protect sensitive document, can forbid this time operating file execution, To which operating system does not respond this operation;If it is determined that triggering, then can determine this time operation be legitimate user into Capable valid operation can permit and execute this time operation to file, thus what file credible operation monitoring part release was intercepted Operation requests, operating system can respond this operation, complete corresponding operation.
Scheme provided by the above embodiments of the present application 4 can obtain the operation requests operated to data, In in real time After getting operation requests, can be requested with extraction operation in operation code determine that triggering credible chip adds and according to operation code Ciphertext part, to realize that the purpose that software operates data is extorted in identification and prevention.
It is easily noted that, due to only having legitimate user by credible chip encryption data, just allows to execute data Covering operation or delete operation without backing up to data, are largely deposited compared with prior art without mating sacrifice Storage space stores Backup Data;One large and complete editing machine white list of maintenance is not needed, it is only necessary in host A small amount of legitimate user of operable data is managed;The new variant for extorting software can be dealt with, saving memory space is reached, is saved About management cost improves processing accuracy, promotes the technical effect of user experience.
It is quasi- to solve document handling method processing in the prior art for the scheme of above-described embodiment 4 provided by the present application as a result, The low and at high cost technical problem of exactness.
Embodiment 5
According to the embodiment of the present application, additionally provide it is a kind of for implementing the document handling apparatus of above-mentioned data processing method, As shown in figure 8, the device 800 includes: to obtain module 802 and determining module 804.
Wherein, module 802 is obtained for obtaining the operation requests operated to data, wherein operation requests include behaviour Make code;Determining module 804 is used to determine triggering credible chip encryption data, wherein operation code corresponds to operation according to operation code Feature.
Specifically, file credible can be increased in the operating system kernel layer for possessing the host of TPCM or TPM credible chip Monitoring part is operated, which is used to intercept and capture all programs to the operation behavior of file, and above-mentioned host can be smart phone The mobile devices such as (including Android phone and IOS mobile phone), tablet computer, IPAD, palm PC, are also possible to PC computer, pen Remember that the computer equipments such as this computer, the application are not specifically limited in this embodiment;Above-mentioned data can be stored in cannot in host The data in sensitive document arbitrarily modified by other users, deleted, are also possible to user and other people are not intended to arbitrarily to modify, delete Sensitive document in data, for example, sensitive document can be the texts such as contract documents, customer information file for commercial user Data in part, if file pays through the nose, software kidnapping leads to not read data or data and be tampered to lead to error in data, Massive losses will be brought to user;Above-mentioned operation may include: write operation, read operation, can specifically include cryptographic operation, Operation, the application such as covering operation or delete operation are not specifically limited in this embodiment, and the concrete type of operation can be according to practical place Reason needs to be defined;The operation of each type is corresponding with an operation code in operating system, and operating system is receiving behaviour After requesting, it is which type of can to determine that user needs specifically to carry out data according to the operation code for including in operation requests Operation;Different operations have different operating characteristics, and operating characteristics can characterize specifically which type of operation, Yi Jishi No calling credible chip operates etc., according to the operation code in operation requests, can determine corresponding operation feature, further It can determine and need to carry out which type of operation.
Herein it should be noted that above-mentioned acquisition module 802 and determining module 804 correspond to the step S72 in embodiment 4 To step S74, two modules are identical as example and application scenarios that corresponding step is realized, but are not limited to the above embodiments 4 Disclosure of that.It should be noted that above-mentioned module may operate in the calculating of the offer of embodiment 2 as a part of device In machine terminal 10.
Scheme provided by the above embodiments of the present application 5 can obtain the operation requests operated to data, In in real time After getting operation requests, can be requested with extraction operation in operation code determine that triggering credible chip adds and according to operation code Ciphertext part, to realize that the purpose that software operates data is extorted in identification and prevention.
It is easily noted that, due to only having legitimate user by credible chip encryption data, just allows to execute data Covering operation or delete operation without backing up to data, are largely deposited compared with prior art without mating sacrifice Storage space stores Backup Data;One large and complete editing machine white list of maintenance is not needed, it is only necessary in host A small amount of legitimate user of operable data is managed;The new variant for extorting software can be dealt with, saving memory space is reached, is saved About management cost improves processing accuracy, promotes the technical effect of user experience.
It is quasi- to solve document handling method processing in the prior art for the scheme of above-described embodiment 5 provided by the present application as a result, The low and at high cost technical problem of exactness.
Embodiment 6
According to the embodiment of the present application, a kind of document handling system is additionally provided, comprising:
Processor.And
Memory is connect with processor, for providing the instruction for handling following processing step for processor: monitoring is to file The operation requests operated;If monitoring operation requests, the operating characteristics of operation are obtained;Operating characteristics are analyzed, determine touching It sends out credible chip and encrypts file.
Scheme provided by the above embodiments of the present application 6 can monitor the operation requests operated to file in real time, when When monitoring operation requests, the operating characteristics of the available operation, and operating characteristics are analyzed, it determines and triggers credible core Piece encrypts file, to realize that the purpose that software operates file is extorted in identification and prevention.
It is easily noted that, due to only having legitimate user to encrypt file by credible chip, just allows to execute file Covering operation or delete operation without backing up to file, are largely deposited compared with prior art without mating sacrifice Storage space stores backup file;One large and complete editing machine white list of maintenance is not needed, it is only necessary in host Can a small amount of legitimate user of operation file be managed;The new variant for extorting software can be dealt with, saving memory space is reached, is saved About management cost improves processing accuracy, promotes the technical effect of user experience.
It is quasi- to solve document handling method processing in the prior art for the scheme of above-described embodiment 6 provided by the present application as a result, The low and at high cost technical problem of exactness.
Embodiment 7
Embodiments herein can provide a kind of terminal, which can be in terminal group Any one computer terminal.Optionally, in the present embodiment, above-mentioned terminal also could alternatively be mobile whole The terminal devices such as end.
Optionally, in the present embodiment, above-mentioned terminal can be located in multiple network equipments of computer network At least one network equipment.
In the present embodiment, above-mentioned terminal can execute the program code of following steps in document handling method: Monitor the operation requests operated to file;If monitoring operation requests, the operating characteristics of operation are obtained;Analysis operation is special Sign determines that triggering credible chip encrypts file.
Optionally, Fig. 9 is the structural block diagram according to a kind of terminal of the embodiment of the present application.As shown in figure 9, the meter Calculation machine terminal A may include: one or more (one is only shown in figure) processors 902 and memory 904.
Wherein, memory can be used for storing software program and module, such as the document handling method in the embodiment of the present application Program instruction/module corresponding with device, the software program and module that processor is stored in memory by operation, thus Application and data processing are performed various functions, that is, realizes above-mentioned document handling method.Memory may include that high speed is deposited at random Reservoir, can also include nonvolatile memory, such as one or more magnetic storage device, flash memory or other are non-volatile Property solid-state memory.In some instances, memory can further comprise the memory remotely located relative to processor, these Remote memory can pass through network connection to terminal A.The example of above-mentioned network includes but is not limited to internet, enterprises Net, local area network, mobile radio communication and combinations thereof.
Processor can call the information and application program of memory storage by transmitting device, to execute following step: Monitor the operation requests operated to file;If monitoring operation requests, the operating characteristics of operation are obtained;Analysis operation is special Sign determines that triggering credible chip encrypts file.
Optionally, the program code of following steps can also be performed in above-mentioned processor: judging whether to trigger credible chip pair File carries out cryptographic operation, and credible chip is used for key encryption or decryption file using storage inside;Wherein, if triggering can Believe that chip carries out cryptographic operation to file, it is determined that triggering credible chip encrypts file, and executing allows legitimate user to file The step of executing valid operation;Cryptographic operation is carried out to file if not triggering credible chip, it is determined that do not trigger credible chip File is encrypted, and executes and forbids the step of valid operation is executed to file.
Optionally, the program code of following steps can also be performed in above-mentioned processor: judging whether to trigger credible chip Before encrypting file, judge whether the operating characteristics of operation are encryption behavior;If it is determined that operating characteristics belong to encryption behavior, sentence It is disconnected whether to trigger credible chip encryption file.
Optionally, the program code of following steps can also be performed in above-mentioned processor: the comentropy of file destination is obtained, In, file destination is the file covered to file;Judge whether comentropy reaches encryption threshold value;If it is determined that comentropy reaches To encryption threshold value, it is determined that operating characteristics belong to encryption behavior;If it is determined that comentropy not up to encrypts threshold value, it is determined that operation Feature is not belonging to encryption behavior.
Optionally, the program code of following steps can also be performed in above-mentioned processor: obtaining object content, wherein target Content is the content covered to file;Judge whether object content meets encrypted feature;If it is determined that object content meets Encrypted feature, it is determined that operating characteristics belong to encryption behavior;If it is determined that object content does not meet encrypted feature, it is determined that operation Feature is not belonging to encryption behavior.
Optionally, the program code of following steps can also be performed in above-mentioned processor: determine operating characteristics be not belonging to plus In the case that space-in is, execution allows the step of executing valid operation to file.
Optionally, the program code of following steps can also be performed in above-mentioned processor: being in the operating characteristics of judgement operation It is no before encryption behavior, to judge whether operation is write operation;If it is determined that operation is write operation, then judge that the operation of operation is special Whether sign is encryption behavior;If it is determined that operation is read operation, then executing allows the step of executing read operation to file.
Optionally, the program code of following steps can also be performed in above-mentioned processor: legitimate user being allowed to hold file Before row valid operation, the password password of legitimate user's input is obtained;Judge whether password password is correct;If password password is just Really, then the step of allowing legitimate user to execute valid operation to file is executed;If it is determined that password password mistake, then execute and forbid The step of valid operation is executed to file.
Optionally, the program code of following steps can also be performed in above-mentioned processor: obtaining the close of legitimate user's input Before code password, the registration request of legitimate user is obtained;Generate the franchise password of legitimate user;Receive the text that legitimate user sends Part list, wherein operation requests are the request operated to the file in listed files.
Optionally, the program code of following steps can also be performed in above-mentioned processor: asking in the registration for obtaining legitimate user Before asking, from platform credential issue center obtain platform credential, wherein platform credential include: legitimate user platform credential and The platform credential of file credible operation monitoring component;Platform credential is stored in credible chip.
Using the embodiment of the present application, the operation requests operated to file can be monitored in real time, asked when monitoring operation When asking, the operating characteristics of the available operation, and operating characteristics are analyzed, further determine whether triggering credible chip Encrypt file, if it is determined that triggering credible chip encrypts file, then legitimate user is allowed to execute valid operation to file, thus real It now identifies and prevents to extort the purpose that software operates file.
It is easily noted that, due to only having legitimate user to encrypt file by credible chip, just allows to execute file Covering operation or delete operation without backing up to file, are largely deposited compared with prior art without mating sacrifice Storage space stores backup file;One large and complete editing machine white list of maintenance is not needed, it is only necessary in host Can a small amount of legitimate user of operation file be managed;The new variant for extorting software can be dealt with, saving memory space is reached, is saved About management cost improves processing accuracy, promotes the technical effect of user experience.
It is low and at high cost to solve document handling method processing accuracy in the prior art for scheme provided by the present application as a result, The technical issues of.
It will appreciated by the skilled person that structure shown in Fig. 9 is only to illustrate, terminal is also possible to intelligence It can mobile phone (such as Android phone, iOS mobile phone), tablet computer, applause computer and mobile internet device (Mobile Internet Devices, MID), the terminal devices such as PAD.Fig. 9 it does not cause to limit to the structure of above-mentioned electronic device.Example Such as, terminal A may also include the more or less component (such as network interface, display device) than shown in Fig. 9, or Person has the configuration different from shown in Fig. 9.
Those of ordinary skill in the art will appreciate that all or part of the steps in the various methods of above-described embodiment is can It is completed with instructing the relevant hardware of terminal device by program, which can store in a computer readable storage medium In, storage medium may include: flash disk, read-only memory (Read-Only Memory, ROM), random access device (Random Access Memory, RAM), disk or CD etc..
Embodiment 8
Embodiments herein additionally provides a kind of storage medium.Optionally, in the present embodiment, above-mentioned storage medium can For saving program code performed by document handling method provided by above-described embodiment one.
Optionally, in the present embodiment, above-mentioned storage medium can be located in computer network in computer terminal group In any one terminal, or in any one mobile terminal in mobile terminal group.
Optionally, in the present embodiment, storage medium is arranged to store the program code for executing following steps: prison Control the operation requests operated to file;If monitoring operation requests, the operating characteristics of operation are obtained;Analysis operation is special Sign determines that triggering credible chip encrypts file.
Optionally, above-mentioned storage medium is also configured to store the program code for executing following steps: judging whether It triggers credible chip and cryptographic operation is carried out to file, credible chip is used for key encryption or decryption file using storage inside; Wherein, if triggering credible chip carries out cryptographic operation to file, it is determined that triggering credible chip encrypts file, and executes permission The step of legitimate user executes valid operation to file;Cryptographic operation is carried out to file if not triggering credible chip, it is determined that Credible chip encryption file is not triggered, and is executed and forbidden the step of valid operation is executed to file.
Optionally, above-mentioned storage medium is also configured to store the program code for executing following steps: being in judgement Before no triggering credible chip encryption file, judge whether the operating characteristics of operation are encryption behavior;If it is determined that operating characteristics Belong to encryption behavior, judges whether to trigger credible chip encryption file.
Optionally, above-mentioned storage medium is also configured to store the program code for executing following steps: obtaining target The comentropy of file, wherein file destination is the file covered to file;Judge whether comentropy reaches encryption threshold value; If it is determined that comentropy reaches encryption threshold value, it is determined that operating characteristics belong to encryption behavior;If it is determined that comentropy not up to adds Close threshold value, it is determined that operating characteristics are not belonging to encryption behavior.
Optionally, above-mentioned storage medium is also configured to store the program code for executing following steps: obtaining target Content, wherein object content is the content covered to file;Judge whether object content meets encrypted feature;If really The content that sets the goal meets encrypted feature, it is determined that operating characteristics belong to encryption behavior;If it is determined that object content does not meet encryption Feature, it is determined that operating characteristics are not belonging to encryption behavior.
Optionally, above-mentioned storage medium is also configured to store the program code for executing following steps: grasping determining In the case where encryption behavior is not belonging to as feature, execution allows the step of executing valid operation to file.
Optionally, above-mentioned storage medium is also configured to store the program code for executing following steps: grasping in judgement Before whether the operating characteristics of work are encryption behavior, judge whether operation is write operation;If it is determined that operation is write operation, then sentence Whether the operating characteristics of disconnected operation are encryption behavior;If it is determined that operation is read operation, then executes to allow to execute file and read behaviour The step of making.
Optionally, above-mentioned storage medium is also configured to store the program code for executing following steps: allowing to close Before method user executes valid operation to file, the password password of legitimate user's input is obtained;Judge whether password password is correct; If password password is correct, the step of allowing legitimate user to execute valid operation to file is executed;If it is determined that password password Mistake then executes and forbids the step of executing valid operation to file.
Optionally, above-mentioned storage medium is also configured to store the program code for executing following steps: closing obtaining Before the password password of method user input, the registration request of legitimate user is obtained;Generate the franchise password of legitimate user;It receives and closes The listed files that method user sends, wherein operation requests are the request operated to the file in listed files.
Optionally, above-mentioned storage medium is also configured to store the program code for executing following steps: closing obtaining Before the registration request of method user, center is issued from platform credential and obtains platform credential, wherein platform credential includes: legal use The platform credential at family and the platform credential of file credible operation monitoring component;Platform credential is stored in credible chip.
Above-mentioned the embodiment of the present application serial number is for illustration only, does not represent the advantages or disadvantages of the embodiments.
In above-described embodiment of the application, all emphasizes particularly on different fields to the description of each embodiment, do not have in some embodiment The part of detailed description, reference can be made to the related descriptions of other embodiments.
In several embodiments provided herein, it should be understood that disclosed technology contents can pass through others Mode is realized.Wherein, the apparatus embodiments described above are merely exemplary, such as the division of the unit, only A kind of logical function partition, there may be another division manner in actual implementation, for example, multiple units or components can combine or Person is desirably integrated into another system, or some features can be ignored or not executed.Another point, shown or discussed is mutual Between coupling, direct-coupling or communication connection can be through some interfaces, the INDIRECT COUPLING or communication link of unit or module It connects, can be electrical or other forms.
The unit as illustrated by the separation member may or may not be physically separated, aobvious as unit The component shown may or may not be physical unit, it can and it is in one place, or may be distributed over multiple In network unit.It can select some or all of unit therein according to the actual needs to realize the mesh of this embodiment scheme 's.
It, can also be in addition, each functional unit in each embodiment of the application can integrate in one processing unit It is that each unit physically exists alone, can also be integrated in one unit with two or more units.Above-mentioned integrated list Member both can take the form of hardware realization, can also realize in the form of software functional units.
If the integrated unit is realized in the form of SFU software functional unit and sells or use as independent product When, it can store in a computer readable storage medium.Based on this understanding, the technical solution of the application is substantially The all or part of the part that contributes to existing technology or the technical solution can be in the form of software products in other words It embodies, which is stored in a storage medium, including some instructions are used so that a computer Equipment (can for personal computer, server or network equipment etc.) execute each embodiment the method for the application whole or Part steps.And storage medium above-mentioned includes: that USB flash disk, read-only memory (ROM, Read-Only Memory), arbitrary access are deposited Reservoir (RAM, Random Access Memory), mobile hard disk, magnetic or disk etc. be various to can store program code Medium.
The above is only the preferred embodiment of the application, it is noted that for the ordinary skill people of the art For member, under the premise of not departing from the application principle, several improvements and modifications can also be made, these improvements and modifications are also answered It is considered as the protection scope of the application.

Claims (15)

1. a kind of document handling method characterized by comprising
Monitor the operation requests operated to file;
If monitoring the operation requests, the operating characteristics of the operation are obtained;
The operating characteristics are analyzed, determine that triggering credible chip encrypts the file.
2. determining that triggering credible chip adds the method according to claim 1, wherein analyzing the operating characteristics The close file, comprising:
Judge whether that triggering the credible chip carries out cryptographic operation to the file, the credible chip using inside for depositing The key of storage encrypts or decrypts the file;
Wherein, the cryptographic operation is carried out to the file if triggering the credible chip, it is determined that the triggering credible core Piece encrypts the file, and executes the step of allowing legitimate user to execute valid operation to the file;
The cryptographic operation is carried out to the file if not triggering the credible chip, it is determined that do not trigger the credible chip The file is encrypted, and executes and forbids the step of valid operation is executed to the file.
3. according to the method described in claim 2, it is characterized in that, judge whether to trigger credible chip encrypt the file it Before, the method also includes:
Whether the operating characteristics for judging the operation are encryption behavior;
If it is determined that the operating characteristics belong to the encryption behavior, judge whether that triggering credible chip encrypts the file.
4. according to the method described in claim 3, it is characterized in that, whether the operating characteristics for judging the operation are encryption row For, comprising:
Obtain the comentropy of file destination, wherein the file destination is the file covered to the file;
Judge whether the comentropy reaches encryption threshold value;
If it is determined that the comentropy reaches the encryption threshold value, it is determined that the operating characteristics belong to encryption behavior;
If it is determined that the comentropy is not up to the encryption threshold value, it is determined that the operating characteristics are not belonging to encryption behavior.
5. according to the method described in claim 3, it is characterized in that, whether the operating characteristics for judging the operation are encryption row For, comprising:
Obtain object content, wherein the object content is the content covered to the file;
Judge whether the object content meets encrypted feature;
If it is determined that the object content meets the encrypted feature, it is determined that the operating characteristics belong to encryption behavior;
If it is determined that the object content does not meet the encrypted feature, it is determined that the operating characteristics are not belonging to encryption behavior.
6. according to the method described in claim 3, it is characterized in that, determining that the operating characteristics are not belonging to the encryption behavior In the case where, execution allows the step of executing valid operation to the file.
7. according to the method described in claim 3, it is characterized in that, whether being encryption row in the operating characteristics for judging the operation For before, the method also includes:
Judge whether the operation is write operation;
If it is determined that the operation is write operation, then judge whether the operating characteristics of the operation are encryption behavior;
If it is determined that the operation is read operation, then executing allows the step of executing the read operation to the file.
8. according to the method described in claim 2, it is characterized in that, allowing legitimate user to execute valid operation to the file Before, the method also includes:
Obtain the password password of legitimate user's input;
Judge whether the password password is correct;
If it is determined that the password password is correct, then the step of allowing legitimate user to execute valid operation to the file is executed;
If it is determined that the password password mistake, then execute and forbid the step of executing the valid operation to the file.
9. according to the method described in claim 8, it is characterized in that, the password password for obtaining legitimate user input it Before, the method also includes:
Obtain the registration request of the legitimate user;
Generate the franchise password of the legitimate user;
Receive the listed files that the legitimate user sends, wherein the operation requests are to the file in the listed files The request operated.
10. according to the method described in claim 9, it is characterized in that, before the registration request for obtaining the legitimate user, institute State method further include:
Center is issued from platform credential and obtains platform credential, wherein the platform credential includes: the platform card of the legitimate user The platform credential of book and file credible operation monitoring component;
The platform credential is stored in the credible chip.
11. a kind of document handling system characterized by comprising
File credible operation monitoring component, for monitoring the operation requests operated to file, if monitoring the operation Request, obtains the operating characteristics of the operation;
Credible chip, for encrypting the file;
The file credible operation monitoring component has correspondence with the credible chip, it is special to be also used to analyze the operation Sign determines that triggering the credible chip encrypts the file.
12. a kind of storage medium, which is characterized in that the storage medium includes the program of storage, wherein run in described program When control the storage medium where equipment execute following steps: the operation requests that monitoring operates file;If monitoring To the operation requests, the operating characteristics of the operation are obtained;The operating characteristics are analyzed, determine that triggering credible chip encrypts institute State file.
13. a kind of processor, which is characterized in that the processor is for running program, wherein executed such as when described program is run Lower step: the operation requests that monitoring operates file;If monitoring the operation requests, the operation of the operation is obtained Feature;The operating characteristics are analyzed, determine that triggering credible chip encrypts the file.
14. a kind of document handling system characterized by comprising
Processor;And
Memory is connected to the processor, for providing the instruction for handling following processing step for the processor: monitoring pair The operation requests that file is operated;If monitoring the operation requests, the operating characteristics of the operation are obtained;Described in analysis Operating characteristics determine that triggering credible chip encrypts the file.
15. a kind of data processing method characterized by comprising
Obtain the operation requests operated to data, wherein the operation requests include operation code;
According to the operation code, determine that triggering credible chip encrypts the data, wherein it is special that the operation code corresponds to operation Sign.
CN201810399221.9A 2018-04-28 2018-04-28 File processing method and system and data processing method Active CN110414258B (en)

Priority Applications (4)

Application Number Priority Date Filing Date Title
CN201810399221.9A CN110414258B (en) 2018-04-28 2018-04-28 File processing method and system and data processing method
TW108107620A TW201945969A (en) 2018-04-28 2019-03-07 File processing method and system, and data processing method
PCT/US2019/028185 WO2019209630A1 (en) 2018-04-28 2019-04-18 File processing method and system, and data processing method
US16/388,734 US20190332765A1 (en) 2018-04-28 2019-04-18 File processing method and system, and data processing method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810399221.9A CN110414258B (en) 2018-04-28 2018-04-28 File processing method and system and data processing method

Publications (2)

Publication Number Publication Date
CN110414258A true CN110414258A (en) 2019-11-05
CN110414258B CN110414258B (en) 2023-05-30

Family

ID=68292551

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810399221.9A Active CN110414258B (en) 2018-04-28 2018-04-28 File processing method and system and data processing method

Country Status (4)

Country Link
US (1) US20190332765A1 (en)
CN (1) CN110414258B (en)
TW (1) TW201945969A (en)
WO (1) WO2019209630A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117313134A (en) * 2023-11-29 2023-12-29 联通(广东)产业互联网有限公司 File encryption method and device, electronic equipment and storage medium

Families Citing this family (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20220318411A1 (en) * 2021-03-30 2022-10-06 EMC IP Holding Company LLC Adaptive metadata encryption for a data protection software
US11757934B1 (en) 2021-06-24 2023-09-12 Airgap Networks Inc. Extended browser monitoring inbound connection requests for agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links
US11695799B1 (en) * 2021-06-24 2023-07-04 Airgap Networks Inc. System and method for secure user access and agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links
US11736520B1 (en) 2021-06-24 2023-08-22 Airgap Networks Inc. Rapid incidence agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links
US11757933B1 (en) 2021-06-24 2023-09-12 Airgap Networks Inc. System and method for agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links
US11722519B1 (en) 2021-06-24 2023-08-08 Airgap Networks Inc. System and method for dynamically avoiding double encryption of already encrypted traffic over point-to-point virtual private networks for lateral movement protection from ransomware
US11916957B1 (en) 2021-06-24 2024-02-27 Airgap Networks Inc. System and method for utilizing DHCP relay to police DHCP address assignment in ransomware protected network
US11711396B1 (en) 2021-06-24 2023-07-25 Airgap Networks Inc. Extended enterprise browser blocking spread of ransomware from alternate browsers in a system providing agentless lateral movement protection from ransomware for endpoints deployed under a default gateway with point to point links
TWI769038B (en) * 2021-08-04 2022-06-21 林長毅 Method for preventing data kidnapping and related computer program
TWI789944B (en) * 2021-10-08 2023-01-11 精品科技股份有限公司 Method of application control based on different scanning schemes

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106484570A (en) * 2016-10-28 2017-03-08 福建平实科技有限公司 A kind of backpu protecting method and system extorting software document data for defence
CN106845222A (en) * 2016-12-02 2017-06-13 哈尔滨安天科技股份有限公司 A kind of detection method and system of blackmailer's virus
US20170339178A1 (en) * 2013-12-06 2017-11-23 Lookout, Inc. Response generation after distributed monitoring and evaluation of multiple devices
US20180007069A1 (en) * 2016-07-01 2018-01-04 Mcafee, Inc. Ransomware Protection For Cloud File Storage
CN107871089A (en) * 2017-12-04 2018-04-03 杭州安恒信息技术有限公司 File means of defence and device

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9208335B2 (en) * 2013-09-17 2015-12-08 Auburn University Space-time separated and jointly evolving relationship-based network access and data protection system

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20170339178A1 (en) * 2013-12-06 2017-11-23 Lookout, Inc. Response generation after distributed monitoring and evaluation of multiple devices
US20180007069A1 (en) * 2016-07-01 2018-01-04 Mcafee, Inc. Ransomware Protection For Cloud File Storage
CN106484570A (en) * 2016-10-28 2017-03-08 福建平实科技有限公司 A kind of backpu protecting method and system extorting software document data for defence
CN106845222A (en) * 2016-12-02 2017-06-13 哈尔滨安天科技股份有限公司 A kind of detection method and system of blackmailer's virus
CN107871089A (en) * 2017-12-04 2018-04-03 杭州安恒信息技术有限公司 File means of defence and device

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117313134A (en) * 2023-11-29 2023-12-29 联通(广东)产业互联网有限公司 File encryption method and device, electronic equipment and storage medium

Also Published As

Publication number Publication date
WO2019209630A1 (en) 2019-10-31
US20190332765A1 (en) 2019-10-31
TW201945969A (en) 2019-12-01
CN110414258B (en) 2023-05-30

Similar Documents

Publication Publication Date Title
CN110414258A (en) Document handling method and system, data processing method
US10606988B2 (en) Security device, methods, and systems for continuous authentication
US11494754B2 (en) Methods for locating an antenna within an electronic device
CN106341381B (en) Manage the method and system of the safe golden key of frame server system
US9531710B2 (en) Behavioral authentication system using a biometric fingerprint sensor and user behavior for authentication
US9047464B2 (en) Continuous monitoring of computer user and computer activities
US9092605B2 (en) Ongoing authentication and access control with network access device
CN105874464B (en) System and method for introducing variation in subsystem output signal to prevent device-fingerprint from analyzing
US11240224B2 (en) Systems, methods and apparatuses for identity access management and web services access
US20150347773A1 (en) Method and system for implementing data security policies using database classification
EP3005210B1 (en) Secure automatic authorized access to any application through a third party
CN109446259B (en) Data processing method and device, processor and storage medium
CN105554908A (en) Method, master device, slave device and system for achieving code scanning automatic bluetooth connection
EP4242891A2 (en) Systems and methods for securing login access
CN106030527B (en) By the system and method for application notification user available for download
CN107196971A (en) Information processing method, device, electronic equipment and server
CN114598671B (en) Session message processing method, device, storage medium and electronic equipment
US11379568B2 (en) Method and system for preventing unauthorized computer processing
CN109284608A (en) Extort recognition methods, device and equipment, the security processing of software
CN104980279A (en) Identity authentication method, and related equipment and system
CN115080946A (en) Password input method and input device
CN117371987A (en) Operation and maintenance audit management method and electronic equipment
CN112989406A (en) Information processing method, device, equipment and storage medium
CN115509930A (en) Method and related device for checking data exception caused by tissue architecture change

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40016270

Country of ref document: HK

GR01 Patent grant
GR01 Patent grant